summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSean Pryor <spryor@redhat.com>2017-11-06 16:17:11 -0500
committerSean Pryor <spryor@redhat.com>2017-11-06 16:17:11 -0500
commit204b1f4c148f689145e859bb77b00f6e45ae8159 (patch)
tree6c7d2ed2c5687eab5ba52d82448c590eb0ab9e91
parent6427e7e3fcff29ddc758fb847fab34c0c115ce7a (diff)
parent1992842043393c597bf82142cf963b82cfa2ee59 (diff)
downloadopenstack-access-policy-204b1f4c148f689145e859bb77b00f6e45ae8159.zip
openstack-access-policy-204b1f4c148f689145e859bb77b00f6e45ae8159.tar.gz
openstack-access-policy-204b1f4c148f689145e859bb77b00f6e45ae8159.tar.xz
Merge branch 'master' of gitlab.cee.redhat.com:verizon-mpn-harris/OSP-Readonly-Policies
-rw-r--r--README.md37
1 files changed, 2 insertions, 35 deletions
diff --git a/README.md b/README.md
index 6642cbe..a6c9256 100644
--- a/README.md
+++ b/README.md
@@ -1,35 +1,2 @@
-This is a repository of the files/tools we are developping around
-integrating the sevone (monitoring software) into RH-OSP.
-
-This project includes several areas:
-- Add policy files to the overcloud to restrict the 'readonly' role and prevent
- update/create/delete operations.
-
-- Add tooling (OBSOLETE since this will be done through node-payload in the
- osp10 templates) to push/update policies on the overcloud.
-
-- Provide a MOP (Method of procedure) to enable Sevone pre-requisites on
- both the undercloud and overcloud. An ASCII version of the MOP is provided
- in this repository.
-
-This work on the 'readonly' role was a request of the VZW HQ Planning group.
-
-Here is how it works:
-
-On the undercloud, as the 'stack' user perform the following steps:
-
- 1) source stackrc
- 2) git clone https://gitlab.cee.redhat.com/vcojot/OSP-Readonly-Policies/tree/master
- 3) ./policydir/files/push_readonly_policies_to_overcloud.sh
- 4) source overcloudrc
- 5) openstack role create readonly
-
-(this will auto-detect the controllers and push the appropriate policies)
-
-To restrict a user, then simply do add the 'readonly' role to the user, do a:
-
- openstack role add --project <tenant_name> --user <user_name> readonly
-
-To lift the restrictions and re-enable modifications to the overcloud, do a:
-
- openstack role remove --project <tenant_name> --user <user_name> readonly
+This repo contains the current ongoing work of attempting to implement a
+read-only role via policy.json in OSP10 \ No newline at end of file